A Bit(Short)Sighted Security Rating
July 14, 2022

A Bit(Short)Sighted Security Rating

Anonymous | TrustRadius Reviewer
Score 5 out of 10
Vetted Review
Verified User

Overall Satisfaction with BitSight Security Ratings

BitSight Security Ratings was evaluated for use in our vendor management project. BitSight utilizes a proprietary analysis of a domain's online presence to evaluate risk and track changes over time and provide a risk score (much like a credit score). We evaluated BitSight as a way of providing numeric risk values to vendors prior to bringing them into our environment.
  • Security hygiene tracking over time
  • Understandable risk score based on observations
  • Predictability model of potential cyber security issues based on security habits.
  • Since data is based on public registration IP and domain data can be stale depending on ISP/Domain registration update delays.
  • Correcting a false detection is a month-long endeavor and requires the company with the impacted score to clean up BitSight's data.
  • Customer service for incorrect data is convoluted and requires a deep understanding of domain registration to correct the data. The responsibility for correcting data is placed solely on the customer's shoulders.
  • Easy to understand risk score
  • Industry average vs vendor score for comparisons
  • Trending of data over years for well known companies.
  • Wasted resource hours cleaning up data to correct erroneous risk score.
  • Extra time spent addressing calls from clients about erroneous risk score data.
  • Extra time validating risk score provided by BitSight Security Ratings for potential vendors to ensure valid data.
BitSight Security Ratings ranks evenly with SecurityScorecard and both below OneTrust for our use case. We needed a platform that would let us define risk for our organization and weight scores differently based on data sensitivity. BitSight and SecurityScorecard are aggregate data that can provide insight into the security habits of a potential vendor and should be considered as an addition to most vendor management projects. However, they both provide metrics based on hygiene and not on data-defined risk. In concert with a platform to evaluate risk based on data and to inform the overall evaluation of a vendor, BitSight Security Ratings can be made to shine. Just understand that you may have to validate some data.

Do you think BitSight Security Ratings delivers good value for the price?

No

Are you happy with BitSight Security Ratings's feature set?

No

Did BitSight Security Ratings live up to sales and marketing promises?

No

Did implementation of BitSight Security Ratings go as expected?

Yes

Would you buy BitSight Security Ratings again?

No

If you are considering BitSight Security Ratings as a portion or bulk of a larger vendor management project you will be well served in letting the risk scores be an indication of how closely you need to examine a vendor. However, you should not base your assessment solely on the risk score provided. The risk score is based on publicly available data and can be inaccurate.